Bitcoin Forum

Hi,
Please don't ask me why, I'd had a couple of drinks and, for some reason I wanted to move some coins (0.1401 btc) from my Electrum wallet, to another address (1DPdT875jAn3KF4eRdSbopiqVEGhvbAZFi) on my own, same Electrum . The exact amount is drawn from my wallet, this was 8 days ago, and the amount shows up on the new address on blockchain.info (see link), but on my Electrum only the minus amount (-0.1401) is visible?
These coins is about 260 dollars now! Is the coins gone or..?
Please help, I'm broke, unemployed and this is VERY much for me. I've tried to read in this forum about just waiting for them to come in, but I don't know.. it has over 1200 confirmations so, well I have no idea what to do.

https://blockchain.info/address/1DPdT875jAn3KF4eRdSbopiqVEGhvbAZFi (https://blockchain.info/address/1DPdT875jAn3KF4eRdSbopiqVEGhvbAZFi)


All help is very much appreciated!
All the best
/ethan_hw

These coins were sent from the to 1DPdT875jAn3KF4eRdSbopiqVEGhvbAZFi address to 1EWvt2QYX6KSKHrMT1yZdhHE7F44tJzscX . Do you own or control the 1EW address? Does Electrum show the funds being sent to this address? If this isn't your wallet, then I recommend scanning your PC for malware that may have stolen your coins.

Can't find the 1EWvt2QYX6KSKHrMT1yZdhHE7F44tJzscX address right now (have more check, but it's sleep-time here now. Anyway, the 1EWvt2QYX6KSKHrMT1yZdhHE7F44tJzscX address MUST come from my wallet, since it is in me wallet, or am I an idiot now perhaps.. I mean; if I send money from my own wallet, to address that belongs to me, shouldn't the 0.1401 btc just swich from the address it was on, to the new one I sent it to?
Got to sleep now, but thanks very much for helping me out.
(I don't think it's malware, since I run a linux os and, well, it could be malware but i'm not sure that's the problem. I must have done something wrong, I guess, but I just sent coins like I always do, this time it just caught me off guard 'cause I still now nothing of what it could be).

The most imperative thing is to try and view the address: 1EWvt2QYX6KSKHrMT1yZdhHE7F44tJzscX in your Electrum wallet address list.  Any valid address matching the SEED will be shown there unless you did something hugely weird beyond the Electrum gap limit using an address beyond the gap configuration.  That takes some work to go there so I doubt you did that.  When you find your coins you will realize that you paid a transaction fee simply to move coins from one address to another in the same wallet.  Live and learn, its OK.  As long as both addresses in this transaction are clearly shown in your Electrum wallet you'll eventually get your coins.  Keep us in the loop.  For now check those two addresses.

I hate to be the negative guy... but honestly, I doubt that he owns that address... https://blockchain.info/address/1EWvt2QYX6KSKHrMT1yZdhHE7F44tJzscX

It looks to me like the collection address for something (possibly malware/trojan). "Total Received: 582.47734318 BTC". And then the deposits to that address regularly being consolidated in massive 40, 50, 60, 100 BTC chunks (https://blockchain.info/address/1EWvt2QYX6KSKHrMT1yZdhHE7F44tJzscX?filter=1)?? Yeah... that isn't some drunk guy moving coins from one address to another in the same Electrum wallet...  ::)

OP says he moved his coins TO the 1DPdT875jAn3KF4eRdSbopiqVEGhvbAZFi address... which would be this transaction (http://0266d068a4422c728e7a182f527e1b2a8bced0dc072c419dfd2803cdf35c9eeb). Then almost a full 12 hours later... we see this transaction (https://blockchain.info/tx/c9ef381f1885ff89e7715f2c5fc20b03fa6549f88cb3bc6f05bf3edafe2ac7b8) which moves the coins to 1EWvt2QYX6KSKHrMT1yZdhHE7F44tJzscX

The change address (https://blockchain.info/address/1LvhXuuRveerECEtQdF5UEqeRmM9rxYLA5) still has funds in it. It's very strange but most of the transactions to 1EW are like that. Change addresses are left untouched. What sort of malware leaves money behind?

OP you can check if a particular address belongs to your wallet using this command typed on the console tab:


If it displays true then the address is yours.

First; thanks so for helping out.

Just came from a meeting and gonna check out more after that 1EW when I get home. But if I can't find it, is kollohs the most likeable truth in this event? I will, of course, check out that terminal Abdussamad.
I'm just so baffled that it can go SO wrong; switching coins from one my own addresses, to another address on my own wallet, (same) wallet? In.my brain that looks impossible! But my brain might have a lot of learn (even tho I don't consider myself as a total noob..)
On my way home now, gonna try your suggestions. (I'm sure I'll be back...)

If your coins were stolen, and I hope its not the case, you likely did nothing wrong in the strict sense of my meaning.  Malware for BTC is getting quite good and if your computer has certain software hiding on it the address can be changed as noted by others above.  Its one of the reasons I (and many others here) will not use a SEED bearing full wallet on an online computer.  I use a hardware wallet where the receiving address is displayed on the device's screen.  If I verify the address and then click to send funds, ONLY that address will be coded to receive the coins I am sending.  There is no seed or way for an "imposter" to hijack my coins as long as I confirm the address on the screen before completing the transaction.  I know this won't help you here but I am explaining to you how and why malware is able to "hijack/steal" your coins by an address re-direct.

Ok, Coin-keeper, I think I got it (might need to read it a few times more so I can get a 'picture' in my mind) and thanks for future help! I've got a quesion though: is what you explaining "some what" like having a formated computer that has never touched the interwebs, and then you use, let's say electrum because I'm familiar with it, and sending all the coins to an address to that computer? In "some what" i mean if that is about safe enough for now, because my sister is about to by a new puter and I can surely have her old one. And have that like a hard wallet?
Abdussamad, I tried running the command but got syntax error "unexpected token ("1EWvt2QYX6KSKHrMT1yZdhHE7F44tJzscX");
I have tried the ' and ' instead of , but same error.
Ok, just a pretty important ques: is it safe to still have my coins on my Electrum wallet(s)?
I found a few malware programs but is it someone how might know the very, very BEST for Linux?! Hehe...

Did you run it on the console tab of the electrum window? Because that's where you run it not in a linux terminal window.

Also try omitting the semicolon at the end (force of habit :)).

Oh, well do I feel like a f*ck head! Had never even noticed that electrum has ha console!
But now I know that I've been hit by something cause it sadly comes out:
False

What to do now?
My first thought is to swear out loud every lame shitfaced words I can come up with, but that won't make it any better, so not even thats gonna happen. They are clearly gone (from me) forever.
But any thoughts about my internet-free-computer as a hardwallet, is it to much work for not that much of safetyness (ex my english, I'm Scandinavian)?
And also; do I have to make any immediate changes right now, is my computer at risk all the time now, or is it when I try to send coins only?

Thanks a bunch for that console command, I'm gonna use that on every wallet I have before I send send from a address.

In that case it looks like you are the victim of a malware attack like HCP said. This PC of yours should now be considered suspect. You should backup the seed words of your electrum wallet (wallet menu > seed), reformat your hard drive and reinstall windows on it.

It is indeed possible to use an offline computer as a safer wallet. Another option is to create a multisig wallet where two wallets on two separate devices (like a PC+mobile or two PCs)must sign off on any spending transactions. This way if one device is infected with malware the malware author cannot steal your bitcoin because the other device won't sign off on any transactions.

Offline computer wallet aka cold storage: http://docs.electrum.org/en/latest/coldstorage.html
Multisig: http://docs.electrum.org/en/latest/multisig.html

Electrum does have an android version which you can use for multisig together with your PC.

I also suggest looking into copay wallet. I found it very easy to do a multisig setup with that. Copay supports mobiles and PCs too.

Ok, thanks.
I do have may computer running Linux (and mac OS, but no Windows piece of horror on this anyway) though, the late 2010 Mac If I remember correct, can look up if it's important. Since I'm a bit paranoid I only have my seed written down offline on regular paper, on two places, hehe... And I don't like the idea of having my seed on any electronic device, ever. Actually, I don't even wanna copy / paste my seed with any command! I know, I might overdo it, but look what happened anyway. My Linux dist of choice (Elementaty, always up to date) is also very well set up nice for my own taste and needs. But do you still think its a good idea to format and begin the rather boring setup changes so that it again fits how like to have it? Also: I do have a password needed to print before sending any coins to address of choice. But I guess that does nothing to help, since the malware must 'activate' after the correct password is okay:ed by Electrum. Or are, in fact, all of my sending to any address most likely to be affected by this malware, even if I find a awesome malware program that could hopefully clean it away from my puter so I don't HAVE to format it..?
I've also looked up some malware programs for Linux, but would be very happy if you, or anyone, could give me a hint on what is the best of them?

(Multisig is just the same as 2FA I guess? gosh I'm lazy. But you offer very complete answers, so I'm taking advantage off that!)

And, just for closure; there is NO WAY I could get that coins back, right? I'm completely convinced that's the case so, economically, I just have to live whit it... I do not care about the coins now, I just want to have as much information on how this can be prevented if / when it could happen again.